Audit of Civilian Human Resources Management System (HRMS(Civ)) application access rights . : D58-271/2015E-PDF

“The current HRMS(Civ) user access management framework is not sufficiently rigorous to ensure the integrity and confidentiality of HR data. There is a lack of key system accreditation requirements, limited documentation on the consistent use of the HR data, weak access controls, unclear roles and responsibilities, and the wide distribution of the HR data outside of the HRMS system. The Department is thus unable to ensure that the HR data has been safeguarded, used appropriately, and secured from unauthorized use. As a result, a privacy breach involving the personal data of current and former employees and CAF members may have occurred. Taken in its entirety, these factors create a risk to people's personal information, as well as to the reputation of the Department. Given the sensitive nature and pervasive use of personal information within the Department, stakeholders must be proactive and provide an enterprise approach to the assessment and management of this situation. Based on TBS policy requirements and guidelines, the Department should take expedient action to resolve the identified privacy and security issues and should ensure that the proper user access framework is in place going forward”--Conclusion, p. 15.

Lien permanent pour cette publication :
publications.gc.ca/pub?id=9.833070&sl=1

• Format MARC XML
• Format MARC HTML

Demander des formats alternatifs